github
Lack of both steps and uses isn't flagged as an error
Describe the bug A clear and concise description of what the bug is.
To Reproduce Steps to reproduce the behavior:
- With this workflow
csharp-qltest.yml:
name: "C#: Run QL Tests"
on:
push:
paths:
- "csharp/**"
- "shared/**"
- .github/actions/fetch-codeql/action.yml
- codeql-workspace.yml
branches:
- main
- "rc/*"
pull_request:
paths:
- "csharp/**"
- "shared/**"
- .github/workflows/csharp-qltest.yml
- .github/actions/fetch-codeql/action.yml
- codeql-workspace.yml
branches:
- main
- "rc/*"
defaults:
run:
working-directory: csharp
jobs:
qlupgrade:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/fetch-codeql
- name: Check DB upgrade scripts
run: |
echo >empty.trap
codeql dataset import -S ql/lib/upgrades/initial/semmlecode.csharp.dbscheme testdb empty.trap
codeql dataset upgrade testdb --additional-packs ql/lib
diff -q testdb/semmlecode.csharp.dbscheme ql/lib/semmlecode.csharp.dbscheme
- name: Check DB downgrade scripts
run: |
echo >empty.trap
rm -rf testdb; codeql dataset import -S ql/lib/semmlecode.csharp.dbscheme testdb empty.trap
codeql resolve upgrades --format=lines --allow-downgrades --additional-packs downgrades \
--dbscheme=ql/lib/semmlecode.csharp.dbscheme --target-dbscheme=downgrades/initial/semmlecode.csharp.dbscheme |
xargs codeql execute upgrades testdb
diff -q testdb/semmlecode.csharp.dbscheme downgrades/initial/semmlecode.csharp.dbscheme
choose-runner:
runs-on: ubuntu-latest
outputs:
mac-12: ${{ vars.use-large-mac-runners-for-speed && 'mac-12-xl' || 'mac-12' }}
ubuntu-latest: ${{ vars.use-large-linux-runners-for-speed && 'ubuntu-latest-xl' || 'ubuntu-latest' }}
windows-latest: ${{ vars.use-large-win-runners-for-speed && 'windows-latest-xl' || 'windows-latest' }}
qltest:
needs: choose-runner
runs-on: ${{ needs.choose-runner.outputs.ubuntu-latest }}
strategy:
fail-fast: false
matrix:
slice: ["1/2", "2/2"]
steps:
- uses: actions/checkout@v4
- uses: ./csharp/actions/create-extractor-pack
- name: Cache compilation cache
id: query-cache
uses: ./.github/actions/cache-query-compilation
with:
key: csharp-qltest-${{ matrix.slice }}
- name: Run QL tests
run: |
codeql test run --threads=0 --ram 50000 --slice ${{ matrix.slice }} --search-path extractor-pack --check-databases --check-undefined-labels --check-repeated-labels --check-redefined-labels --consistency-queries ql/consistency-queries ql/test --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}"
env:
GITHUB_TOKEN: ${{ github.token }}
unit-tests:
strategy:
matrix:
os: [ubuntu-latest, windows-2019]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
- name: Setup dotnet
uses: actions/setup-dotnet@v4
with:
dotnet-version: 8.0.100
- name: Extractor unit tests
run: |
dotnet test -p:RuntimeFrameworkVersion=8.0.0 extractor/Semmle.Util.Tests
dotnet test -p:RuntimeFrameworkVersion=8.0.0 extractor/Semmle.Extraction.Tests
dotnet test -p:RuntimeFrameworkVersion=8.0.0 autobuilder/Semmle.Autobuild.CSharp.Tests
dotnet test -p:RuntimeFrameworkVersion=8.0.0 "${{ github.workspace }}/cpp/autobuilder/Semmle.Autobuild.Cpp.Tests"
shell: bash
stubgentest:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: ./csharp/actions/create-extractor-pack
- name: Run stub generator tests
run: |
# Generate (Asp)NetCore stubs
STUBS_PATH=stubs_output
python3 scripts/stubs/make_stubs_nuget.py webapp Swashbuckle.AspNetCore.Swagger 6.5.0 "$STUBS_PATH"
rm -rf ql/test/resources/stubs/_frameworks
# Update existing stubs in the repo with the freshly generated ones
mv "$STUBS_PATH/output/stubs/_frameworks" ql/test/resources/stubs/
git status
codeql test run --threads=0 --search-path extractor-pack --check-databases --check-undefined-labels --check-repeated-labels --check-redefined-labels --consistency-queries ql/consistency-queries -- ql/test/library-tests/dataflow/flowsources/aspremote
env:
GITHUB_TOKEN: ${{ github.token }}
- Look at the choose-runner job
Expected behavior
According to GitHub, this job isn't valid: https://github.com/jsoref/codeql/actions/runs/7712430252
Invalid workflow file: .github/workflows/csharp-qltest.yml#L1 No steps defined in
stepsand no workflow called inusesfor the following jobs: choose-runner
Generally if a workflow isn't valid, this extension will complain, e.g. if I add just steps::
Screenshots
Invalid workflow file: .github/workflows/csharp-qltest.yml#L1
No steps defined in steps and no workflow called in uses for the following jobs: choose-runner
Extension Version
v0.26.2
Additional context
actionlint (https://github.com/rhysd/actionlint) does a good job in detecting empty steps, see here.
There's also a VScode extension for actionlint (I didn't use it myself):
https://marketplace.visualstudio.com/items?itemName=arahata.linter-actionlint.
I was looking for a bug I'm encountering and I came across this issue, this actually isn't a bug, because you can call a reusable workflow from a job and omit steps: an example of this is described here: https://docs.github.com/en/actions/sharing-automations/reusing-workflows#using-a-matrix-strategy-with-a-reusable-workflow
This means that there are situations where steps can be omitted, but this checker probably needs to be smarter and only allow omission if uses has a value.
It's a bug that the specific workflow isn't flagged as in error-- you're right that the initial summary wasn't strict enough about the conditions, although the body of the issue should have been sufficient for any engineer working on it. I've updated the summary.
I proposed a fix, see https://github.com/actions/languageservices/pull/98.